13 Facts About Forward secrecy

Forward secrecy protects past sessions against future compromises of keys or passwords.

Forward secrecy protects data on the transport layer of a network that uses common Transport Layer Security protocols, including OpenSSL, when its long-term secret keys are compromised, as with the Heartbleed security bug.

Value of forward secrecy depends on the assumed capabilities of an adversary.

Forward secrecy has value if an adversary is assumed to be able to obtain secret keys from a device but is either detected or unable to modify the way session keys are generated in the device.

Forward secrecy typically uses an ephemeral Diffie-Hellman key exchange to prevent reading past traffic.

Related searches

Forward secrecy has been used to describe the analogous property of password-authenticated key agreement protocols where the long-term secret is a password.

Forward secrecy is designed to prevent the compromise of a long-term secret key from affecting the confidentiality of past conversations.

However, forward secrecy cannot defend against a successful cryptanalysis of the underlying ciphers being used, since a cryptanalysis consists of finding a way to decrypt an encrypted message without the key, and forward secrecy only protects keys, not the ciphers themselves.

Broadly, two approaches to non-interactive forward secrecy have been explored, pre-computed keys and puncturable encryption.

Weak perfect forward secrecy is the weaker property whereby when agents' long-term keys are compromised, the secrecy of previously established session-keys is guaranteed, but only for sessions in which the adversary did not actively interfere.

Forward secrecy is present in several major protocol implementations, such as SSH and as an optional feature in IPsec.

OpenSSL supports forward secrecy using elliptic curve Diffie–Hellman since version 1.

Forward secrecy is seen as an important security feature by several large Internet information providers.